What you are asking for is called a 'Trust No One' (TNO) or 'Zero Trust' architecture. In the USA TNO is required for web applications in the health care space. In a TNO system it will not be possible for the operator of the server to recover the password of the clients, because only the client can have the encryption keys.
– Jim In Texas, Jul 5 '12 at 19:22

1 Answer
If you want to make sure that the server isn't able to decrypt the file, you must not reveal the password to the server. Therefore

the encryption password must not be used for server-side authentication;

the data must be encrypted on the client side.

You can build complex architectures, but fundamentally, if you don't trust the server, don't give it your password.

A simple web application (server-side PHP plus client-side JavaScript) that does this is ZeroBin. I recommend reading this write-up on Ars Technica about a site based on ZeroBin. ZeroBin does not perform any authentication, which may or may not be what you want — this is just an (open source) example to illustrate the principle.

In order to have confidence that ZeroBin does not reveal your data to the server, you need to review the JavaScript code that is executed in the browser, and convince yourself that it performs as advertised.

Alternatively, if you want to perform the encryption server-side, you need to assure yourself that the server is secure enough for your needs. That means you need to trust (or have some third party (that you trust) verify through an audit) that:

The server does not store or leak passwords.

The server code behaves as advertised; in particular, it only stores encrypted data and promptly erases any temporary copies of plaintext.

The data in transit is properly protected.

The server is physically secure, so that no intruder can access your data or your password while it is in use.

People with legitimate access to the server (e.g. system administrators) are trustworthy.
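
The client-side approach described in the answer above, as an added example (not part of the original answer and not ZeroBin's code): the browser derives a key from the password, encrypts locally, and uploads only the salt, IV and ciphertext. The function names, the PBKDF2/AES-GCM choice and the iteration count are assumptions made for this sketch.

```javascript
// Added example: WebCrypto is built into browsers; the fallback lets this run under Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumed value; tune to the slowest client you support

// Derive a non-extractable AES-256-GCM key from the password. Neither the
// password nor this key is ever placed in anything sent to the server.
async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Build the record the client uploads: fresh random salt and IV plus ciphertext
// (the GCM tag is appended to the ciphertext). This is all the server stores.
async function encryptForUpload(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const ciphertext = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext)));
  return { salt, iv, ciphertext };
}

// Runs on the client after download. Returns null when the password is wrong
// or the stored record was modified, because the GCM tag no longer verifies.
async function decryptDownload(password, record) {
  const key = await deriveKey(password, record.salt);
  try {
    const plain = await webcrypto.subtle.decrypt(
      { name: "AES-GCM", iv: record.iv }, key, record.ciphertext);
    return new TextDecoder().decode(plain);
  } catch {
    return null;
  }
}
```

The stored record still lets whoever holds it test password guesses offline, so the strength of the password and the iteration count determine how well this holds up against the server operator.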